From 7e6a8e7a6c37122fce8781e5f8e82458905960b3 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 21 Mar 2017 14:26:54 +0100 Subject: [PATCH 36/36] KCM: Idle-terminate the responder if the secrets back end is used MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Existing with memory database would be fatal as we keep the ccaches in memory then, but if the ccaches are stored in sssd-secrets, we can just exit on idle. Reviewed-by: Michal Židek Reviewed-by: Simo Sorce --- src/config/cfg_rules.ini | 1 + src/responder/kcm/kcm.c | 9 +++++++++ 2 files changed, 10 insertions(+) diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini index 67a5d1f5ad447a942b437ffd04a7f5d7cfe77d7f..933ebccd828189d923d2186753dfbc0b5c0814ce 100644 --- a/src/config/cfg_rules.ini +++ b/src/config/cfg_rules.ini @@ -281,6 +281,7 @@ option = client_idle_timeout option = description option = socket_path option = ccache_storage +option = responder_idle_timeout [rule/allowed_domain_options] validator = ini_allowed_options diff --git a/src/responder/kcm/kcm.c b/src/responder/kcm/kcm.c index 3ee978066c589a5cc38b0ae358f741d389d00e7a..2202f96381a2622a2c5433e281172287b325f960 100644 --- a/src/responder/kcm/kcm.c +++ b/src/responder/kcm/kcm.c @@ -133,6 +133,15 @@ static int kcm_get_config(struct kcm_ctx *kctx) goto done; } + if (kctx->cc_be == CCDB_BE_SECRETS) { + ret = responder_setup_idle_timeout_config(kctx->rctx); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, + "Cannot set up idle responder timeout\n"); + /* Not fatal */ + } + } + kctx->qctx = kcm_ops_queue_create(kctx); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, -- 2.9.3